Re: Problems logging in with 389-console

Rich Megginson <rmeggins@xxxxxxxxxx> · Tue, 27 Mar 2012 09:14:32 -0600

On 03/27/2012 09:07 AM, Mike Mercier wrote:
On Tue, Mar 27, 2012 at 10:05 AM, Rich Megginson<rmeggins@xxxxxxxxxx>  wrote:
On 03/27/2012 06:46 AM, Mike Mercier wrote:
Hello,

On Mon, Mar 26, 2012 at 10:47 AM, Rich Megginson<rmeggins@xxxxxxxxxx>
  wrote:
On 03/26/2012 08:28 AM, Mike Mercier wrote:
Hello,

adm.conf attached.
Have you configured the directory server to use TLS/SSL?
No, TLS/SSL was not configured. I did the following to install 389.

Install fedora 16
run yum update
install 389
run setup-ds-admin.pl using the 'Typical' option
run 389-console and try to login as cn=Directory Manager

Can you try with 389-admin-1.1.28 now in updates-testing?
[root@localhost ~]# rpm -qa | grep 389
389-console-1.1.7-1.fc16.noarch
389-ds-console-doc-1.2.6-1.fc16.noarch
389-ds-base-libs-1.2.10.4-2.fc16.x86_64
389-ds-1.2.2-1.fc15.noarch
389-ds-base-1.2.10.4-2.fc16.x86_64
389-ds-console-1.2.6-1.fc16.noarch
389-admin-console-doc-1.1.8-2.fc16.noarch
389-admin-console-1.1.8-2.fc16.noarch
389-dsgw-1.1.7-2.fc16.x86_64
389-admin-1.1.28-1.fc16.x86_64
389-adminutil-1.1.14-1.fc16.x86_64

When using 389-console

/var/log/dirsrv/admin-serv/error
[Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Tue Mar 27 08:36:31 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Tue Mar 27 08:36:31 2012] [notice] [client 127.0.0.1] unable to bind
to server [localhost.localdomain:389] as [(anonymous)]
[Tue Mar 27 08:36:31 2012] [crit] buildUGInfo(): unable to initialize
TLS connection to LDAP host localhost.localdomain port 389: 4
[Tue Mar 27 08:36:31 2012] [error] [client 127.0.0.1] user
cn=Directory Manager not found: /admin-serv/authenticate

/var/log/dirsrv/admin-serv/access
127.0.0.1 - cn=Directory Manager [27/Mar/2012:08:36:31 -0400] "GET
/admin-serv/authenticate HTTP/1.0" 401 478

When using http://http://localhost.localdomain:9830/dist/download and
clicking '389 Administration Express'

/var/log/dirsrv/admin-serv/error
[Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
referer: http://localhost.localdomain:9830/dist/download
[Tue Mar 27 08:41:58 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
referer: http://localhost.localdomain:9830/dist/download
[Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1,
referer: http://localhost.localdomain:9830/dist/download
[Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Tue Mar 27 08:42:00 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Tue Mar 27 08:42:00 2012] [notice] [client 127.0.0.1] unable to bind
to server [localhost.localdomain:389] as [(anonymous)], referer:
http://localhost.localdomain:9830/dist/download
[Tue Mar 27 08:42:00 2012] [crit] buildUGInfo(): unable to initialize
TLS connection to LDAP host localhost.localdomain port 389: 4

/var/log/dirsrv/admin-serv/access

127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /dist/download
HTTP/1.1" 200 4470
127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/spacer.gif
HTTP/1.1" 200 43
127.0.0.1 - - [27/Mar/2012:08:41:58 -0400] "GET /icons/goto.gif HTTP/1.1"
200 86
127.0.0.1 - admin [27/Mar/2012:08:42:00 -0400] "GET
/admin-serv/tasks/configuration/HTMLAdmin?op=index HTTP/1.1" 500 615
What's in your directory server access log from around this time?
/var/log/dirsrv/slapd-INSTANCE/access
Strangely, there are no entries in the file from that time...  below
is the entire file
/var/log/dirsrv/slapd-mpls/access:

	389-Directory/1.2.10.2 B2012.054.1543
	localhost.localdomain:389 (/etc/dirsrv/slapd-mpls)

[22/Mar/2012:15:09:39 -0400] conn=8 op=-1 fd=64 closed - B1
[22/Mar/2012:15:09:39 -0400] conn=10 op=-1 fd=65 closed - B1
The access log is buffered - if you're not hitting the directory server 
with any operations, then it won't flush it's buffer.  The other way to 
make it flush is to shut it down.

Thanks,
Mike

Thanks,
Mike

On Fri, Mar 23, 2012 at 10:42 AM, Rich Megginson<rmeggins@xxxxxxxxxx>
  wrote:
On 03/22/2012 10:47 AM, Mike Mercier wrote:
Hi,

Sorry for the delay...

/var/log/dirsrv/admin-serv/access

127.0.0.1 - cn=Directory Manager [22/Mar/2012:12:43:32 -0400] "GET
/admin-serv/authenticate HTTP/1.0" 401 478

/var/log/dirsrv/admin-serv/error
[Thu Mar 22 12:43:26 2012] [notice] caught SIGTERM, shutting down
[Thu Mar 22 12:43:27 2012] [notice] SELinux policy enabled; httpd
running as context system_u:system_r:httpd_t:s0
[Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:28 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:28 2012] [warn] Unable to bind as LocalAdmin to
populate LocalAdmin tasks into cache.
[Thu Mar 22 12:43:28 2012] [notice] Access Host filter is: *
[Thu Mar 22 12:43:28 2012] [notice] Access Address filter is: *
[Thu Mar 22 12:43:29 2012] [notice] Apache/2.2.22 (Unix) configured --
resuming normal operations
[Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:29 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:29 2012] [warn] Unable to bind as LocalAdmin to
populate LocalAdmin tasks into cache.
[Thu Mar 22 12:43:29 2012] [notice] Access Host filter is: *
[Thu Mar 22 12:43:29 2012] [notice] Access Address filter is: *
[Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1]
admserv_host_ip_check: ap_get_remote_host could not resolve 127.0.0.1
[Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:32 2012] [error] Could not bind as []: ldap error
-1: Can't contact LDAP server
[Thu Mar 22 12:43:32 2012] [notice] [client 127.0.0.1] unable to bind
to server [localhost.localdomain:389] as [(anonymous)]
[Thu Mar 22 12:43:32 2012] [crit] buildUGInfo(): unable to initialize
TLS connection to LDAP host localhost.localdomain port 389: 4

Can you post your /etc/dirsrv/admin-serv/adm.conf?
Have you configured your directory server to use SSL?

[Thu Mar 22 12:43:32 2012] [error] [client 127.0.0.1] user
cn=Directory Manager not found: /admin-serv/authenticate

NOTE: This is after modifying 'local.conf' with
configuration.nsadminaccesshosts: *

Thanks,
Mike

On Fri, Mar 16, 2012 at 5:43 PM, Mark Reynolds<mareynol@xxxxxxxxxx>
  wrote:
Hi Michael,

see comments below...

On 03/16/2012 02:42 PM, Michael Mercier wrote:

Hello,

I seem to be having problems using the 389-console GUI.

I am entering the following information into each of the fields:

User ID: cn=Directory Manager
Password: password
Administration URL: http://localhost.localdomain:9830

It fails with the following error:

Cannot logon because of an incorrect User ID,
Incorrect password or Directory problem.

HttpException:
Response: HTTP/1.1 401 Authorization Required
Status: 401
URL:     http://localhost.localdomain:9830/admin-serv/authenticate

Do you have a DS access log snippet showing the bind&        result?

I might not hurt to restart the admin server as well.

Thanks,
Mark

I have also tried with:
User ID: admin
Password: password
Administration URL: http://localhost.localdomain:9830

It fails with the following error:

Cannot connect to the directory server:
netscape.ldap.LDAPException: error result (32): No such object

I am able to run searches from the command line:

[root@localhost ~]# ldapsearch -x -b o=netscaperoot -D "cn=directory
manager" -w password "nsDirectoryURL=*"
# extended LDIF
#
# LDAPv3
# base<o=netscaperoot>        with scope subtree
# filter: nsDirectoryURL=*
# requesting: ALL
#

# UserDirectory, Global Preferences, MyDomain, NetscapeRoot
dn: cn=UserDirectory,ou=Global Preferences,ou=MyDomain,o=NetscapeRoot
objectClass: top
objectClass: nsDirectoryInfo
nsDirectoryURL: ldap://localhost.localdomain:389/dc=mpls
cn: UserDirectory

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
[root@localhost ~]#

If I try to access http://localhost.localdomain:9830 with a web
browser, I am shown the "Services for users" page, but when I click
on
"389 Administration Express" i get the following error:

Internal Server Error

The server encountered an internal error or misconfiguration and was
unable to complete your request.

Please contact the server administrator, [no address given] and
inform
them of the time the error occurred, and anything you might have done
that may have caused the error.

More information about this error may be available in the server
error
log.
Apache/2.2 Server at localhost.localdomain Port 9830

Anyone have any ideas?

Thanks,
Mike

[root@localhost ~]# more /etc/redhat-release
Fedora release 16 (Verne)
[root@localhost ~]# rpm -qa|grep 389
389-console-1.1.7-1.fc16.noarch
389-ds-console-doc-1.2.6-1.fc16.noarch
389-ds-base-libs-1.2.10.2-1.fc16.x86_64
389-ds-1.2.2-1.fc15.noarch
389-ds-console-1.2.6-1.fc16.noarch
389-admin-1.1.23-1.fc16.x86_64
389-admin-console-doc-1.1.8-2.fc16.noarch
389-admin-console-1.1.8-2.fc16.noarch
389-dsgw-1.1.7-2.fc16.x86_64
389-adminutil-1.1.14-1.fc16.x86_64
389-ds-base-1.2.10.2-1.fc16.x86_64

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users